GHSA-pjwm-cr36-mwv3: ReDoS in giskard's transformation.py (GHSL-2024-324)

GHSA-j3vq-pmp5-r5xj: Missing ratelimit on passwrod resets in zenml

GHSA-j3px-q95c-9683: zlib-rs stack overflow during decompression with malicious input

GHSA-p2h2-3vg9-4p87: Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

GHSA-hff8-hjwv-j9q7: Remote Code Execution on click of <a> Link in markdown preview

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

**Package**

maven org.apache.sling:org.apache.sling.api (Maven)

**Affected versions**

<= 2.25.0

maven org.apache.sling:org.apache.sling.commons.log (Maven)

Headline

GHSA-qmx3-m648-hr74: Log Injection in Apache Sling Commons Log and Apache Sling API

Related news

ghsa: Latest News